
<?php
//1.验证cookie
//2.得到post参数,看是否完整正确
//3.写到DB中

include_once("../common.php");
//1.验证cookie
include "opDB.php";
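// Step 1: authenticate the request from the `pgv_pvi` cookie.
// NOTE(review): this cookie is the only credential checked in this file before a
// state-changing POST is accepted, and no anti-CSRF token is verified here.
// Confirm whether common.php enforces one.
$findflag = false;    // set to true only after a matching user row has actually been read
$userid_post = NULL;  // userId of the authenticated user; used as the author id when posting/replying
if (isset($_COOKIE['pgv_pvi']) && is_string($_COOKIE['pgv_pvi'])) {
	// is_string() rejects array-shaped cookies (pgv_pvi[]=...) before they reach the helper.
	$ckuser = $_COOKIE['pgv_pvi'];

	// getRealUserId() is defined outside this file.
	// NOTE(review): presumably it maps the cookie value to an internal id and returns
	// false on failure. Verify that it validates the cookie rather than trusting it.
	$realUserId = getRealUserId($ckuser);

	// Loose comparison kept on purpose: the helper's failure value is not visible here.
	if ($realUserId != false) {
		// The value is derived from a client-supplied cookie, so it is escaped before it
		// is placed inside the quoted SQL literal.
		$user_sql = 'SELECT * FROM `user` WHERE `realUserId` = \''
			. mysql_real_escape_string((string)$realUserId)
			. '\' LIMIT 0, 1 ';
		$result = mysql_query($user_sql);
		if ($result != false) {
			$row = mysql_fetch_array($result);
			// A successful query with zero rows yields a non-array here. Previously that
			// case still set $findflag, so an id with no user record passed the check.
			if (is_array($row) && isset($row['userId'])) {
				$userid_post = $row['userId'];
				$findflag = true;
			}
		}
	}
}

if (!$findflag) {
	echo "<h1>没有授权</h1>"; // "Not authorized". TODO: dedicated page for the no-cookie case
	mysql_close($con);
	return;
}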

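// Step 2: read the POST fields and make sure the required ones are present.
// (The original note here says image upload is not handled yet.)
//
// Both fields are HTML-escaped on input, so the database stores escaped text.
// NOTE(review): htmlspecialchars() with default flags leaves single quotes unescaped
// on PHP versions before 8.1. Confirm the pages that render these values never place
// them inside a single-quoted attribute.

// Poster name; falls back to the default "无名氏" (anonymous) when missing or empty.
$title = "无名氏";
if (isset($_POST['name']) && is_string($_POST['name'])) {
	// is_string() keeps array-shaped input (name[]=...) away from htmlspecialchars().
	$escapedName = htmlspecialchars($_POST['name']);
	if ($escapedName !== '') {
		$title = $escapedName;
	}
}

// Post body; required.
$content = false;
if (isset($_POST['content']) && is_string($_POST['content'])) {
	$content = htmlspecialchars($_POST['content']);
}

// Explicit checks instead of `!$content`, so that a body consisting of "0" is accepted.
if ($content === false || $content === '') {
	mysql_close($con);
	echo "<h1>404</h1>"; // TODO: real 404 page
	return;
}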

// Pick the new thread id: take the largest id currently used by either the
// `thread` table (tId) or the `reply` table (rId) and add a fixed offset.
// NOTE(review): this read-then-insert allocation is not atomic. Two requests
// arriving together can compute the same $tid. Neither query result is checked
// for failure, and an empty table yields 0 here.
$result = mysql_query('SELECT `tId` FROM `thread` ORDER BY `tId` DESC LIMIT 0,1');
$row = mysql_fetch_array($result);
$maxThreadId = (int)$row['tId'];

$result = mysql_query('SELECT `rId` FROM `reply` ORDER BY `rId` DESC LIMIT 0,1');
$row = mysql_fetch_array($result);
$maxReplyId = (int)$row['rId'];

$curMaxId = ($maxReplyId > $maxThreadId) ? $maxReplyId : $maxThreadId;
$tid = $curMaxId + 4;

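// Handle the uploaded image. saveUploadFile() is defined outside this file.
// NOTE(review): presumably it returns the stored path. Verify that it restricts file
// type and destination, since the result is persisted and later served.
$picAddr = htmlspecialchars(saveUploadFile("upfile"));

// Step 3: write the thread to the database.
// Every value placed inside a quoted SQL literal is escaped first.
// mysql_real_escape_string() takes the connection character set into account, which
// mysql_escape_string() does not. $picAddr was previously only HTML-escaped, which
// does not neutralise SQL quoting.
$content = mysql_real_escape_string($content);
$title = mysql_real_escape_string($title);
$picAddr = mysql_real_escape_string($picAddr);
$safeUserId = mysql_real_escape_string((string)$userid_post); // read back from the DB, still escaped
$safeTid = (int)$tid; // numeric id computed earlier in this script

// The `title` column is always written as "无标题" (untitled). The poster-supplied name
// goes to `postName`.
$postThread_sql =  'INSERT INTO `thread` (`tId`, `userId`, `content`, `postTime`, `replyNum`, `delFlag`, `title`, `postName`,`picAddr`,`updateTime`) VALUES (\''.$safeTid.'\', \''.$safeUserId.'\', \''.$content.'\', CURRENT_TIMESTAMP, \'0\', \'0\', \'无标题\', \''.$title.'\',\''.$picAddr.'\',NOW());';
$insertOk = mysql_query($postThread_sql);
if ($insertOk == false) {
	// Previously a failed INSERT still fell through to the success message.
	// The database error goes to the server log only, never to the client.
	error_log('thread insert failed: ' . mysql_error());
	mysql_close($con);
	echo "<h1>发表失败</h1>"; // "Post failed"
	return;
}
mysql_close($con);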

// Confirmation message ("posted successfully").
echo '<h1>(～￣▽￣)～ 发表成功</h1><br/>';

// Send the user back to the board page they came from after two seconds.
// NOTE(review): both values are echoed into HTML attributes below. This is safe only
// if get_POSTInt() (defined outside this file) always returns an integer. Confirm.
$board_id = get_POSTInt('board_id', 0);
$thread_pageNo = get_POSTInt('thread_pageNo', 0);
$returnUrl = 'news.php?board_id=' . $board_id . '&thread_pageNo=' . $thread_pageNo;

echo '您将在2秒后返回......<br />';                                      // "returning in 2 seconds"
echo '<meta http-equiv="Refresh" content="2;url=' . $returnUrl . '">';
echo '如果未返回,请点这里';                                              // "if not redirected, click here"
echo '<a href="' . $returnUrl . '">返回</a>';                            // "back"
?>